瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 重装机器以后,ie运行变慢,不时有病毒报出

1   1  /  1  页   跳转

重装机器以后,ie运行变慢,不时有病毒报出

收藏
和谐胖子
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2006-12-31
  • 来自:
发表于: 2006-12-31 15:07 | 只看楼主 短消息 资料
字号: 1楼

重装机器以后,ie运行变慢,不时有病毒报出

进了保护模式,瑞星没有报病毒,在2000里运行ie就会报警,请大家看看
系统活动进程
C:\WINNT\SYSTEM32\SMSS.EXE
C:\WINNT\SYSTEM32\WINLOGON.EXE
C:\WINNT\SYSTEM32\WDMAUD.DRV
C:\WINNT\SYSTEM32\BYVWX.DLL

C:\WINNT\SYSTEM32\CSRSS.EXE
C:\WINNT\SYSTEM32\SERVICES.EXE
C:\WINNT\SYSTEM32\LSASS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINNT\SYSTEM32\KAKATOOL.DLL
C:\WINNT\SYSTEM32\BYVWX.DLL
C:\WINNT\SYSTEM32\XKVQOBMN.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

E:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
C:\WINNT\SYSTEM32\MSVCP60.DLL
E:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL
E:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL
E:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL
E:\PROGRAM FILES\RISING\RFW\PSAPI.DLL
E:\PROGRAM FILES\RISING\RFW\MONDRV.DLL
E:\PROGRAM FILES\RISING\RFW\PROCLIB.DLL
E:\PROGRAM FILES\RISING\RFW\MPORTS.DLL

C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\UNIMDM.TSP
C:\WINNT\SYSTEM32\KMDDSP.TSP
C:\WINNT\SYSTEM32\NDPTSP.TSP
C:\WINNT\SYSTEM32\IPCONF.TSP
C:\WINNT\SYSTEM32\H323.TSP

C:\WINNT\SYSTEM32\NVSVC32.EXE
C:\WINNT\SYSTEM32\REGSVC.EXE
C:\WINNT\SYSTEM32\TCPSVCS.EXE
C:\WINNT\SYSTEM32\SNMP.EXE
C:\WINNT\SYSTEM32\WBEM\WINMGMT.EXE
C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEP_CTRL.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

G:\MUMASHAKE\RSDETECT.EXE
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL

C:\WINNT\EXPLORER.EXE
C:\WINNT\APPPATCH\ACLAYERS.DLL
C:\WINNT\SYSTEM32\BYVWX.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL
C:\WINNT\SYSTEM32\RAVEXT.DLL
C:\WINNT\SYSTEM32\XKVQOBMN.DLL


普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
runeip = C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE
RavTask = "E:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
Synchronization Manager = MOBSYNC.EXE /LOGON
RfwMain = "E:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

其它启动项
WIN.INI
无信息

SYSTEM.INI
SCRNSAVE.EXE = (无)


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
byvwx = C:\WINNT\SYSTEM32\BYVWX.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINNT\SYSTEM32\USERINIT.EXE,


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
RsAutorunsDisabled = NULL
{087FC023-DC5B-41E6-9286-953D382070C1}? = NULL
{30EDADF2-2E26-4965-977B-BBD7E217CC7D} = C:\WINNT\system32\byvwx.dll
{7DA39570-5FD2-4f18-94B4-20730CB3F727} = C:\WINNT\system32\xkvqobmn.dll
{82C8AC65-BF33-4C7B-B323-12C8747BCD09}? = NULL
{8963F81C-D445-4B46-B478-8B18E8047D09}? = NULL
{8D7B2F6E-F8E6-45A4-BBD9-D6DB0F0926A6}? = NULL


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD Tcpip [UDP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD Tcpip [RAW/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
RSVP UDP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2B555BE6-B66C-4519-B728-3D72400DD95B}] SEQPACKET 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2B555BE6-B66C-4519-B728-3D72400DD95B}] DATAGRAM 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{40C8CD5C-4E10-4260-995B-F1CF306A9E76}] SEQPACKET 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{40C8CD5C-4E10-4260-995B-F1CF306A9E76}] DATAGRAM 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BAE10265-A763-46AC-AB22-AE2EE04E2CAA}] SEQPACKET 2 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BAE10265-A763-46AC-AB22-AE2EE04E2CAA}] DATAGRAM 2 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{89600869-9FE8-4CCC-832A-CBE123BE2B87}] SEQPACKET 3 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{89600869-9FE8-4CCC-832A-CBE123BE2B87}] DATAGRAM 3 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B19B8F2C-62E9-44FE-A2DF-4310B45FA559}] SEQPACKET 4 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B19B8F2C-62E9-44FE-A2DF-4310B45FA559}] DATAGRAM 4 = C:\WINNT\SYSTEM32\MSAFD.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINNT\SYSTEM32\SERVICES.EXE
AppMgmt = C:\WINNT\SYSTEM32\SERVICES.EXE
BITS = C:\WINNT\SYSTEM32\SVCHOST.EXE -K BITSGROUP
Browser = C:\WINNT\SYSTEM32\SERVICES.EXE
cisvc = C:\WINNT\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINNT\SYSTEM32\CLIPSRV.EXE
Dhcp = C:\WINNT\SYSTEM32\SERVICES.EXE
dmadmin = C:\WINNT\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINNT\SYSTEM32\SERVICES.EXE
Dnscache = C:\WINNT\SYSTEM32\SERVICES.EXE
Eventlog = C:\WINNT\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
Fax = C:\WINNT\SYSTEM32\FAXSVC.EXE
IISADMIN = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
Iprip = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanserver = C:\WINNT\SYSTEM32\SERVICES.EXE
lanmanworkstation = C:\WINNT\SYSTEM32\SERVICES.EXE
LmHosts = C:\WINNT\SYSTEM32\SERVICES.EXE
Messenger = C:\WINNT\SYSTEM32\SERVICES.EXE
mnmsrvc = C:\WINNT\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINNT\SYSTEM32\MSDTC.EXE
MSFTPSVC = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
MSIServer = C:\WINNT\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINNT\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINNT\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINNT\SYSTEM32\LSASS.EXE
Netman = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINNT\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINNT\SYSTEM32\NVSVC32.EXE
PlugPlay = C:\WINNT\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINNT\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINNT\SYSTEM32\SERVICES.EXE
RasAuto = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteAccess = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINNT\SYSTEM32\REGSVC.EXE
RfwProxySrv = E:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE
RfwService = E:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
RpcLocator = C:\WINNT\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINNT\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "E:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINNT\SYSTEM32\RSVP.EXE -S
SamSs = C:\WINNT\SYSTEM32\LSASS.EXE
SCardDrv = C:\WINNT\SYSTEM32\SCARDSVR.EXE
SCardSvr = C:\WINNT\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINNT\SYSTEM32\MSTASK.EXE
seclogon = C:\WINNT\SYSTEM32\SERVICES.EXE
SENS = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
SimpTcp = C:\WINNT\SYSTEM32\TCPSVCS.EXE
SMTPSVC = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
SNMP = C:\WINNT\SYSTEM32\SNMP.EXE
SNMPTRAP = C:\WINNT\SYSTEM32\SNMPTRAP.EXE
Spooler = C:\WINNT\SYSTEM32\SPOOLSV.EXE
SysmonLog = C:\WINNT\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINNT\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINNT\SYSTEM32\SERVICES.EXE
UPS = C:\WINNT\SYSTEM32\UPS.EXE
UtilMan = C:\WINNT\SYSTEM32\UTILMAN.EXE
W32Time = C:\WINNT\SYSTEM32\SERVICES.EXE
W3SVC = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
WinMgmt = C:\WINNT\SYSTEM32\WBEM\WINMGMT.EXE
Wmi = C:\WINNT\SYSTEM32\SERVICES.EXE
wuauserv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K WUGROUP
WZCSVC = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
最后编辑2006-12-31 15:24:51
分享到:
gototop
 
和谐胖子
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2006-12-31
  • 来自:
发表于: 2006-12-31 15:08 | 只看楼主 短消息 资料
字号: 2楼

文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
FltMgr = C:\WINNT\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxSmb = C:\WINNT\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINNT\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINNT\SYSTEM32\DRIVERS\RDBSS.SYS
sisidex = C:\WINNT\SYSTEM32\DRIVERS\SISIDEX.SYS
Srv = C:\WINNT\SYSTEM32\DRIVERS\SRV.SYS


系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = C:\WINNT\SYSTEM32\DRIVERS\ACPI.SYS
AFD = C:\WINNT\SYSTEM32\DRIVERS\AFD.SYS
AsyncMac = C:\WINNT\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINNT\SYSTEM32\DRIVERS\ATAPI.SYS
Atmarpc = C:\WINNT\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINNT\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = C:\WINNT\SYSTEM32\DRIVERS\BASETDI.SYS
Cdrom = C:\WINNT\SYSTEM32\DRIVERS\CDROM.SYS
Disk = C:\WINNT\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINNT\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINNT\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINNT\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINNT\SYSTEM32\DRIVERS\DMUSIC.SYS
ExpScaner = E:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
Fdc = C:\WINNT\SYSTEM32\DRIVERS\FDC.SYS
Flpydisk = C:\WINNT\SYSTEM32\DRIVERS\FLPYDISK.SYS
FsVga = C:\WINNT\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINNT\SYSTEM32\DRIVERS\FTDISK.SYS
gameenum = C:\WINNT\SYSTEM32\DRIVERS\GAMEENUM.SYS
Gpc = C:\WINNT\SYSTEM32\DRIVERS\MSGPC.SYS
HookCont = E:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
HookReg = E:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
HookSys = E:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
HookUrl = E:\PROGRAM FILES\RISING\RFW\HOOKURL.SYS
i8042prt = C:\WINNT\SYSTEM32\DRIVERS\I8042PRT.SYS
IpFilterDriver = C:\WINNT\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINNT\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINNT\SYSTEM32\DRIVERS\IPNAT.SYS
IPSEC = C:\WINNT\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINNT\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINNT\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINNT\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINNT\SYSTEM32\DRIVERS\KMIXER.SYS
MEMSCAN = E:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
Mouclass = C:\WINNT\SYSTEM32\DRIVERS\MOUCLASS.SYS
mProcRs = E:\PROGRAM FILES\RISING\RFW\MPROCRS.SYS
MSKSSRV = C:\WINNT\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINNT\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINNT\SYSTEM32\DRIVERS\MSPQM.SYS
ms_mpu401 = C:\WINNT\SYSTEM32\DRIVERS\MSMPU401.SYS
NdisTapi = C:\WINNT\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINNT\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINNT\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINNT\SYSTEM32\DRIVERS\NETBT.SYS
NetDetect = C:\WINNT\SYSTEM32\DRIVERS\NETDTECT.SYS
npkcrypt = E:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
npkycryp = E:\PROGRAM FILES\TENCENT\QQ\NPKYCRYP.SYS
nv = C:\WINNT\SYSTEM32\DRIVERS\NV4_MINI.SYS
NwlnkFlt = C:\WINNT\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINNT\SYSTEM32\DRIVERS\NWLNKFWD.SYS
openhci = C:\WINNT\SYSTEM32\DRIVERS\OPENHCI.SYS
Parallel = C:\WINNT\SYSTEM32\DRIVERS\PARALLEL.SYS
Parport = C:\WINNT\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINNT\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINNT\SYSTEM32\DRIVERS\PCIIDE.SYS
PptpMiniport = C:\WINNT\SYSTEM32\DRIVERS\RASPPTP.SYS
Ptilink = C:\WINNT\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINNT\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINNT\SYSTEM32\DRIVERS\RASL2TP.SYS
Raspti = C:\WINNT\SYSTEM32\DRIVERS\RASPTI.SYS
RCA = C:\WINNT\SYSTEM32\DRIVERS\RCA.SYS
redbook = C:\WINNT\SYSTEM32\DRIVERS\REDBOOK.SYS
RMSPPPOE = C:\WINNT\SYSTEM32\DRIVERS\RMSPPPOE.SYS
RsFwDrv = E:\PROGRAM FILES\RISING\RFW\RSFWDRV.SYS
RsNTGDI = C:\WINNT\SYSTEM32\DRIVERS\RSNTGDI.SYS
RSPPSYS = E:\PROGRAM FILES\RISING\RAV\RSPPSYS.SYS
serenum = C:\WINNT\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINNT\SYSTEM32\DRIVERS\SERIAL.SYS
SiS7012 = C:\WINNT\SYSTEM32\DRIVERS\SIS7012.SYS
SISAGP = C:\WINNT\SYSTEM32\DRIVERS\SISAGPX.SYS
SiSide = C:\WINNT\SYSTEM32\DRIVERS\SISIDE.SYS
SISNIC2K = C:\WINNT\SYSTEM32\DRIVERS\SISNIC2K.SYS
sisperf = C:\WINNT\SYSTEM32\DRIVERS\SISPERF.SYS
swenum = C:\WINNT\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINNT\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINNT\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINNT\SYSTEM32\DRIVERS\TCPIP.SYS
Update = C:\WINNT\SYSTEM32\DRIVERS\UPDATE.SYS
usbhub = C:\WINNT\SYSTEM32\DRIVERS\USBHUB.SYS
VgaSave = C:\WINNT\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINNT\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINNT\SYSTEM32\DRIVERS\WDMAUD.SYS
gototop
 
和谐胖子
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2006-12-31
  • 来自:
发表于: 2006-12-31 15:33 | 只看楼主 短消息 资料
字号: 3楼


2006-12-31,15:17:27

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <RfwMain><"E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byvwx]
    <WinlogonNotify: byvwx><C:\WINNT\system32\byvwx.dll>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <e:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <e:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"E:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\e:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\E:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN Miniport (PPP over Ethernet Protocol) / RMSPPPOE][Running/Manual Start]
  <system32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Service for AC'97 Sample Driver (WDM) / SiS7012][Running/Manual Start]
  <system32\drivers\sis7012.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SISAGPx.sys><Silicon Integrated Systems Corporation>
[SiSide / SiSide][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[sisidex / sisidex][Running/Boot Start]
  <\SystemRoot\system32\drivers\sisidex.sys><Windows (R) 2000 DDK provider>
[SiS PCI Fast Ethernet Adapter Driver for NDIS5 / SISNIC2K][Running/Manual Start]
  <system32\DRIVERS\sisnic2k.sys><SiS Corporation>
[Add Performance Filter Driver / sisperf][Running/Boot Start]
  <\SystemRoot\system32\drivers\sisperf.sys><Silicon Integrated Systems Corp.>
gototop
 
和谐胖子
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2006-12-31
  • 来自:
发表于: 2006-12-31 15:33 | 只看楼主 短消息 资料
字号: 4楼

==================================
浏览器加载项
[]
  {30EDADF2-2E26-4965-977B-BBD7E217CC7D} <C:\WINNT\system32\byvwx.dll, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Submit Class]
  {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINNT\Downloaded Program Files\safein.dll, Beijing eChannels Century Technology Co.,Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[用比特精灵下载(&B)]
  <E:\Program Files\BitSpirit\bsurl.htm, N/A>

==================================
正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 160][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 156][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\byvwx.dll]  [N/A, N/A]
[PID: 208][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 220][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 396][e:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
    [e:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [e:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [e:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 9]
    [e:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [e:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [e:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 408][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 440][E:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 552][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 584][C:\WINNT\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.13.10.4230]
[PID: 616][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 668][C:\WINNT\system32\tcpsvcs.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 680][C:\WINNT\System32\snmp.exe]  [Microsoft Corporation, 5.00.2195.7112]
[PID: 696][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 736][C:\WINNT\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
[PID: 868][E:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1056][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\byvwx.dll]  [N/A, N/A]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\WINNT\system32\xkvqobmn.dll]  [N/A, N/A]
    [E:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing, Inc., 4.1 (32-bit)]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 976][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 3]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 360][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
    [C:\WINNT\system32\byvwx.dll]  [N/A, N/A]
    [C:\WINNT\system32\xkvqobmn.dll]  [N/A, N/A]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 1452][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
    [C:\WINNT\system32\byvwx.dll]  [N/A, N/A]
    [C:\WINNT\system32\xkvqobmn.dll]  [N/A, N/A]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 1092][G:\mumashake\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT